With computer breaches a growing concern across government, California lawmakers on Wednesday sent a bill to the governor that would require all state agencies to report their annual spending on cybersecurity.
The Assembly voted 66-0 for the measure without any debate. A spokesman for Gov. Jerry Brown declined to say whether the governor would sign the bill.
“Our state is a prime target for cyberattacks, threatening our sensitive data,” Assemblymember Rich Gordon, D-Menlo Park, said in a statement to Techwire after the vote.
“This bill requires state agencies to report how much they spend on cybersecurity, which will help us identify our vulnerabilities and invest appropriately to protect our state data,” he added.
Earlier this year, lawmakers expressed frustration when top officials at the California Department of Technology could not say how much money the state spends to secure the state’s computers, networks and systems. That’s critical information, lawmakers say, if California wants to safeguard sensitive data from potential hackers.
AB 2623 is among several bills lawmakers are promoting this year in a bid to beef up California’s IT systems after a critical state auditor report that found cybersecurity “weaknesses leave some of the state’s sensitive data vulnerable to unauthorized use, disclosure, or disruption.”
State officials have said thousands of attempted hacks have been prevented against state entities this year. However, they acknowledge the growing threat posed by savvy hackers who try to exploit any weakness.
Security breaches at the Pentagon, the White House, U.S. health-care companies, universities and retailers underscore the widespread nature of the issue. This summer, Russian hackers targeted computers at the Democratic National Committee, and leaked more than 19,000 emails that revealed how party officials tried to undercut the presidential campaign of Sen. Bernie Sanders. And reports emerged this week that the same Russian hackers had attempted to gain entry into the computers of The New York Times.
The bill would require state agencies to report a summary of their actual and projected spending on information security to the California Department of Technology, the agency responsible for guiding state entities on IT security.
Under the bill, the Department of Technology would be tasked with developing instructions and a format for spending reports, as well as determining the accounting methodology used to collect the data.
Lawmakers had initially sought the reports beginning in 2017, but the Senate amended the bill to give the administration another year while it continues to work on mandated IT security assessments required by last year’s AB 670.
